E-voting under scrutiny as US election enters the home stretch

As polling places report record numbers of early and absentee votes cast, Fortify has released a report pinpointing where trouble with e-voting could most easily arise in 2008.

Reports from around the nation indicate that turnout for the 2008 elections is on track to set participation records. But after a series of mishaps, meltdowns, and curious coincidences in recent years, voters may not trust the gear with which they're voting.

That's troubling to researchers at San Mateo-based Fortify Software, who have put together a report detailing the immediate implications of the American patchwork of hand-counted paper ballots, optical-scan machines, DREs, vote-by-mail, ancient lever machines, and even punchcards, the chad-ridden bane of the 2000 presidential race.

Yes, punchcard voting is still out there, according to Fortify's Joy Forsythe. "There are still nine counties in Iowa Idaho using those," she notes, and of the six voting methods Fortify reviewed, punchcards rank dead last on the list of preferred voting techniques. That ranking's based on their serious problems with both accuracy and verifiability (both by anxious voters hoping they marked their ballots as intended and by anyone seeking to prove that the final tally is accurate).

Lever machines placed fifth on Fortify's list -- they're accurate, sure, but the vote is unverifiable. (That satisfying ker-thump when you pull the lever only tells you that a vote has been recorded, not that it's the one the voter intended.) A few lever units are still in play, mainly in New York, where years of conflict over the implementation of 2002's Help America Vote Act have delayed adoption of newer voting machines.

Of course, the newer machines are famously troubled, and bringing up the #4 spot on the list are direct-recording electronic machines -- the controversial touch-screen DREs, which rely on screen taps and proprietary hardware and software to function.

DREs have been at the epicenter of e-voting controversy for years, as researchers hack them with ease and voters report disturbing problems in the booth. Those problems have been angrily denied by manufacturers such as Election Systems & Software, Sequoia Voting Systems and Premier Election Solutions (formerly a division of Diebold); still, Fortify found that the number of voters who'll confront DREs at the polling place has dwindled for the 2008 election.

So what works? The voting method that best combines accuracy, verifiability, incoercibility (that is, making it impossible for a voter to display the contents of his or her ballot to anyone, making it impossible for anyone else to demand that it be revealed), and privacy is...hand-counted paper ballots. (Very Norman Rockwell!) Behind that are paper ballots that are optically scanned, the accuracy of which is comparable to that of hand-counting and which scales well for widespread use.

Rounding out the top three is absentee balloting, which usually relies on optical-scan technology but is also prey to glitches with delivery -- and, because it's done outside a polling station, has few privacy or incoercibility protections.

And yet none of these methods is perfect; there is, in fact, probably no perfect voting method, according to Jacob West, who co-authored the study with Forsythe and Brian Chess. Forsythe notes, though, that voting methods based on open source, as Brazil is using, would inspire more confidence as the code underwent scrutiny by anyone who cared to see how the machines were operating. "Many of the [e-voting] problems we've seen in America could have been spotted in open source," adds West.

On the horizon, there's promising research into systems that would print a receipt that couldn't be used to show a coercing party one's ballot, but could be used by the voter to check that the vote was correctly tabulated. Cryptography is a factor in a voting technique that would involve a randomly generated, two-sheet ballot; that effort, Punchscan, is being headed by electronic-cash pioneer David Chaum.

Overall there's progress, as the nation recovers from the good intentions of HAVA ("We threw a bunch of federal funding at a problem we didn't understand," comments West) and as companies conclude that problems can't simply be ignored or ascribed to some sort of Luddite fringe movement. West notes that election officials and e-voting manufacturers alike could learn from advances made in other kinds of software, as well as from tech-industry advances such as the PCI DSS credit-card security standard and the Microsoft-led Trustworthy Computing Security Development Lifecycle (SDL).

Forsythe adds that since many election officials (and poll workers) aren't familiar with technology, education is necessary as well -- and that Fortify's interest in making the software secure and otherwise ensuring that the underlying technology is right for the task dovetails with the guidance needs to keep the e-voting conversation moving after November 4. "The failure point [in e-voting]," adds West, "shouldn't be the software."

The full Fortify report is available online (PDF available here).